System and method for controlling communication using device ID

ABSTRACT

A client terminal reads a device ID fixedly assigned to itself, and sends the device ID to an authentication server to make a request for authentication. The authentication server authenticates the device ID accepted from the client terminal. When succeeding in the authentication, the authentication server issues and sends a ticket to the client terminal. The client terminal receives the ticket, and then sends the ticket to a locator server to make a request for registration of an IP address. The locator server verifies the correctness of the accepted ticket. When the correctness is confirmed, the locator server registers an ID and the IP address of the client terminal in a manner that they are associated with each other, and replies the completion of the registration.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to a communication managementtechnology, and especially relates to a technology for managingcommunication over a network between terminals.

[0003] 2. Description of the Related Art

[0004] By the widespread use of communication environment using theInternet, it has become possible for a user of a terminal such as apersonal computer and the like to casually enjoy communicating withanother user over the Internet. A specialized game machine adapted tonetwork connection is also widely used, and hence the user has been ableto play a versus game and the like with other users over the Internet.

[0005] To carry out communication over the Internet, a terminal isidentified by use of an IP (Internet Protocol) address, which isuniquely assigned to each terminal. Under present circumstances, most ofthe users connect to an Internet Service Provider (ISP) through a publicnetwork, and connect to the Internet with the use of IP addressesassigned by the ISP. The IP address assigned by the ISP is generallyunfixed, and is dynamically assigned whenever connection is made.

[0006] A user cannot directly communicate with a terminal of a certainuser over the Internet without knowing an IP address assigned to theterminal, even if he/she knows a device ID which is uniquely and fixedlyassigned to the terminal. Thus, in the case of communicating with theterminal the IP address of which is dynamically assigned, it isnecessary to get the IP address assigned thereto whenever communicationis made.

SUMMARY OF THE INVENTION

[0007] In view of such a situation described above, an object of thepresent invention is to provide a technology for improving theconvenience of communication over a network between terminals.

[0008] One aspect of the present invention relates to a communicationmanagement system. The communication management system comprises aterminal of a user, an authentication server which authenticates theterminal, and a management server which manages network addresses whichuniquely identify the terminals on a network. The terminal comprises aholding unit, an authentication request unit, a certificate acquisitionunit, and a registration request unit. The holding unit holds a deviceID which is specifically assigned to each terminal in such a manner asto uniquely identify the terminal. The authentication request unit readsthe device ID from the holding unit, and sends the device ID to theauthentication server to make a request for authentication. Thecertificate acquisition unit acquires a certificate, which certifiessuccess in the authentication, from the authentication server. Theregistration request unit sends the certificate to the managementserver, to make a request for registration of the network address, whichis assigned to the own terminal. The authentication server comprises anauthentication reception unit, an authentication unit, and a certificateissue unit. The authentication reception unit acquires the device IDfrom the terminal and receives the request for the authentication. Theauthentication unit authenticates the correctness of the device ID ofthe terminal. The certificate issue unit issues a certificate whensucceeding in the authentication of the terminal. The management servercomprises a database, a registration reception unit, a registrationunit, an inquiry reception unit, a search unit, and an answer unit. Thedatabase holds an ID, uniquely identifying the terminal, and the networkaddress in such a manner that they are associated with each other. Theregistration reception unit acquires the certificate from the terminal,and receives the request for registration of the network address of theterminal. The registration unit verifies the correctness of thecertificate, and registers the ID and the network address of theterminal in the database when the certificate is confirmed to becorrect. The inquiry reception unit receives the request for inquiringthe network address of the terminal. The search unit searches throughthe database on the basis of the ID of the terminal as the target of aninquiry, to acquire the network address of the terminal. The answer unitanswers search result.

[0009] The network may be, for example, the Internet, a LAN, a WAN, andthe like. In the case of the Internet, for example, the network addressmay be an IP address. The device ID may be stored in ROM (Read OnlyMemory), which is provided inside the terminal and un-rewritable fromoutside, during manufacturing the terminal.

[0010] The authentication server may further comprise an ID issue unit,which issues an ID for uniquely identifying the terminal when succeedingin the authentication of the terminal. The management server may furthercomprise a group database for holding information related to a groupwhich includes the plurality of terminals. The inquiry reception unitmay receive a request for an inquiry about the group, and the searchunit may search through the group database on the basis of the requestfor the inquiry. The management server may further comprise a matchingcontrol unit which controls matching of a communication partner betweenthe terminals. The inquiry reception unit may receive a requirement forthe communication partner, and the search unit may search through thedatabase on the basis of the requirement. The matching control unit maydetermine the communication partner on the basis of search result, andthe answer unit may answer the communication partner.

[0011] A series of processes from that the terminal reads the device IDto make the request for authentication, to that the network address ofthe terminal is stored in the database of the management server, may beautomatically carried out without involvement by the user.

[0012] It is to be understood that any combinations of the foregoingcomponents, and expressions of the present invention having theirmethods, apparatuses, systems, recording media, computer programs, andthe like converted mutually are also intended to constitute applicableaspects of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS

[0013]FIG. 1 is a block diagram showing the whole structure of acommunication management system according to a first embodiment;

[0014]FIG. 2 is a sequence diagram which shows a schematic procedure forassigning an IP address to a client terminal in the communicationmanagement system;

[0015]FIG. 3 is a sequence diagram which shows a schematic procedure forregistering the IP address of the client terminal on a locator server inthe communication management system;

[0016]FIG. 4 is a sequence diagram which shows a schematic procedure forinquiring of the locator server about the IP address of the clientterminal in the communication management system;

[0017]FIG. 5 is a block diagram showing the internal structure of anauthentication server according to the first embodiment;

[0018]FIG. 6 is a block diagram showing the internal structure of thelocator server according to the first embodiment;

[0019]FIG. 7 is a table showing an example of internal data in a userdatabase according to the first embodiment;

[0020]FIG. 8 is a block diagram showing the internal structure of theclient terminal according to the first embodiment;

[0021]FIG. 9 is a block diagram showing the internal structure of alocator server according to a second embodiment;

[0022]FIG. 10 is a table showing an example of internal data in a userdatabase according to the second embodiment;

[0023]FIG. 11 is a table showing an example of internal data in a groupdatabase according to the second embodiment;

[0024]FIG. 12 is a block diagram showing the internal structure of alocator server according to a third embodiment; and

[0025]FIG. 13 is a table showing an example of internal data in a userdatabase according to the third embodiment.

DETAILED DESCRIPTION OF THE INVENTION

[0026] The invention will now be described based on preferredembodiments which do not intend to limit the scope of the presentinvention but exemplify the invention. All of the features and thecombinations thereof described in the embodiments are not necessarilyessential to the invention.

[0027] (First Embodiment)

[0028]FIG. 1 shows the whole structure of a communication managementsystem 10 according to a first embodiment. In the communicationmanagement system 10, an authentication server 100 for authenticatingclient terminals 300, and a locator server 200 as an example of amanagement server for managing the IP addresses of the client terminals300 are connected to the Internet 20 as an example of a network. Theclient terminals 300 a and 300 b used by users are connected toconnection servers 30 a and 30 b of an internet service provider via apublic network 40, respectively. The connection servers 30 a and 30 bmediate connection to the Internet 20. Thereby, the client terminals 300a and 300 b are connected to the Internet 20 via the connection servers30 a and 30 b.

[0029] In this embodiment, the IP address of the client terminal 300 aauthenticated by the authentication server 100 is registered in thelocator server 200, in order to make communication possible over theInternet 20 between the client terminals 300 a and 300 b. The IPaddresses of the client terminals 300 a and 300 b are dynamicallyassigned by the connection servers 30 a and 30 b. When the clientterminal 300 b makes a request of the locator server 200 to inquireabout the IP address of the client terminal 300 a, the locator server200 replies the IP address of the client terminal 300 a to the clientterminal 300 b. Thus, the client terminal 300 a can disclose the own IPaddress, which is dynamically assigned to itself, to another clientterminal 300 b. The client terminal 300 b can acquire the IP addressdynamically assigned to the client terminal 300 a as a communicationpartner, and communicate with the client terminal 300 a on the Internet20.

[0030] In this embodiment, when the authentication server 100authenticates the client terminal 300, the authentication server 100accepts a device ID and verifies the correctness thereof, instead ofverifying the combination of an ID and a password accepted from theclient terminal 300 as with an ordinary case. The device ID is uniquelyassigned to each client terminal 300 and held in a tamperproof manner.Thus, the user is released from the inconvenience of remembering the IDand the password, and from the time and effort of inputting them inauthentication, with ensuring sufficient security. Since this methodrequires no involvement by the user, it is also possible that the clientterminal 300 automatically accesses the authentication server 100 tomake a request for authentication. Furthermore, it is also possible toautomate the process for registering the IP address in the locatorserver 200 after the authentication, in a like manner. Thus, a series ofauthentication process and registration process can be automaticallycarried out without involvement by the user, when the client terminal300 is activated, or when the client terminal 300 is connected to theInternet 20 and the IP address is assigned thereto. Therefore, processthat the client terminal 300 registers the IP address in the locatorserver 200 is completed without making the user aware, so that it ispossible to further improve the convenience of the user.

[0031] To realize the foregoing authentication method, in thisembodiment, only a device, to which a device ID administered by theauthentication server 100 is assigned, is available as the clientterminal 300 allowed to be registered in the locator server 200. Inother words, only a device, which is assured that its device ID isunique and held in a tamperproof manner, is authenticated and allowed tobe registered in the locator server 200. A device without assurances ofthe uniqueness and correctness of its device ID is refused to beregistered in the locator server 200. Thus, it is prevented that an IPaddress of the client terminal 300 cannot be specified because the ID ofthe client terminal 300 registered on the locator server 200 is the sameas the ID of other client terminal 300. Furthermore, it is preventedthat a mala fide third party carries out communication with disguisinghimself/herself as another client terminal 300. To prevent the leakageand tampering of the device ID, the device ID may be coded when theclient terminal 300 sends its device ID to the authentication server100. Otherwise, a digital sign may be attached to the device ID.Therefore, it is possible to further improve security.

[0032]FIG. 2 is a sequence diagram which shows a schematic procedure forassigning an IP address to the client terminal 300 a in thecommunication management system 10. First, the client terminal 300 arequires the connection server 30 a to connect the client terminal 300 ato the Internet 20 (S10). The connection server 30 a selects one of IPaddresses, which are not assigned to the other terminals, and assigns itto the client terminal 300 a (S12). Then, the connection server 30 ainforms the client terminal 300 a of the assigned IP address (S14). Theclient terminal 300 a carries out communication on the Internet 20 byuse of the assigned IP address. It changes whenever connection is madethat which IP address is assigned to the client terminal 300 a, out ofthe IP addresses administered by the connection server 30 a. Thus, theIP address of the client terminal 300 a changes whenever connection ismade.

[0033]FIG. 3 is a sequence diagram which shows a schematic procedure forregistering the IP address of the client terminal 300 a in the locatorserver 200 in the communication management system 10. First, the clientterminal 300 a reads the device ID fixedly assigned to itself (S100),and sends the device ID to the authentication server 100 to requireauthentication (S102). The device ID is a specific ID which can uniquelyidentify each client terminal 300. The device ID is stored innonvolatile memory, which is provided in the client terminal 300 and isun-rewritable from outside, and is kept in a tamperproof manner. Theauthentication server 100 authenticates the device ID accepted from theclient terminal 300 a (S104). Succeeding in authentication, theauthentication server 100 issues a ticket used when the client terminal300 a registers its IP address in the locator server 200, and an ID(hereafter called “locator ID”) for uniquely identifying the clientterminal 300 a (S106). Then, the authentication server 100 sends theticket and the locator ID to the client terminal 300 a (S108). Thisticket is a certificate for certifying success in the authentication ofthe terminal. To prevent fraudulent forgery, for example, a digital signof the authentication server 100 may be attached to the ticket. Toprevent leakage into a third party, for example, the ticket may be codedby a public key of the locator server 200. The locator ID is used foruniquely identifying the client terminal 300 in the locator server 200.The locator ID may be the translation of the device ID in accordancewith a predetermined rule, and the same locator ID may be fixedly issuedto the same client terminal 300.

[0034] The device ID may be used for identifying the client terminal 300in the locator server 200. The device ID, however, is the extremelyimportant information which is used for the authentication of the clientterminal 300, so that it is avoided to inform the locator server 200 ofthe device ID in this embodiment. The locator server 200 identifies theclient terminal 300 by the locator ID, which is issued by theauthentication server 100. Therefore, it is possible to minimize thedanger of the leakage of the device ID.

[0035] Upon receiving the ticket from the authentication server 100, theclient terminal 300 a sends the ticket and the IP address assigned toitself to the locator server 200, in order to make a request forregistration of the IP address (S110). The locator ID and the IP addressof the client terminal 300 a, and information indicating the correctnessthereof are sent to the locator server 200. In this embodiment, theticket includes the locator ID of the client terminal 300 a. The locatorserver 200 verifies the correctness of the ticket received from theclient terminal 300 a (S112). In confirming the correctness, the locatorID and the IP address of the client terminal 300 a are registered in thelocator server 200 in a manner that they are associated with each other(S114). Then, the locator server 200 replies the completion ofregistration to the client terminal 300 a (S116). The client terminal300 a, as described above, may automatically carry out the series ofprocedures like above without the medium of directions by the user.

[0036]FIG. 4 is a sequence diagram which shows a schematic procedure forinquiring of the locator server 200 about the IP address of the clientterminal 300 a in the communication management system 10. The clientterminal 300 b as the inquirer sends the locator ID of the clientterminal 300 a as the target of inquiry to the locator server 200, inorder to request the inquiry about the IP address of the client terminal300 a (S200). The locator server 200 searches for the IP address of theclient terminal 300 a on the basis of the locator ID of the clientterminal 300 a received by the client terminal 300 b (S202), and repliessearch result to the client terminal 300 b (S204). Thus, the clientterminal 300 b can get the IP address of the client terminal 300 a asthe communication partner by memorizing the locator ID of the clientterminal 300 a, even if the IP address thereof is dynamically changed.Therefore, the client terminal 300 b can communicate with the clientterminal 300 a on the Internet 20.

[0037]FIG. 5 shows the internal structure of the authentication server100. This structure is realized by a CPU, a memory, and other LSI of anarbitrary computer in hardware, and by a program loaded to the memoryand the like in software, but function blocks realized by theconjunction of them are illustrated in FIG. 5. Accordingly, thoseskilled in the art will realize that these function blocks are realizedby various forms, such as only hardware, only software, or combinationthereof. The authentication server 100 comprises a communication controlunit 102, an authentication request reception unit 110, anauthentication unit 120, a ticket issue unit 130, and a terminaldatabase 140.

[0038] The communication control unit 102 controls communication withother devices on the Internet 20. The terminal database 140 stores thedevice ID of the client terminal 300 to be authenticated. The terminaldatabase 140 may be acquired from a maker of the client terminal 300, inother words, an entity which provided the client terminal 300 with thedevice ID. The authentication request reception unit 110 accepts therequest for authentication from the client terminal 300. At this time,the authentication request reception unit 110 acquires the device ID ofthe client terminal 300 as the source of request. The authenticationunit 120 authenticates whether the acquired device ID is coincident withthe device ID of the client terminal 300 which can receive service bythis communication management system 10 or not, with reference to theterminal database 140. In the case of failing in the authentication,failure in the authentication is responded to the client terminal 300through the communication control unit 102. In the case of succeeding inthe authentication, the ticket issue unit 130 issues the ticket tocertify success in the authentication, and the locator ID. Namely, theticket issue unit 130 also functions as an ID issue unit. The issuedticket and the locator ID are sent to the client terminal 300 throughthe communication control unit 102.

[0039]FIG. 6 shows the internal structure of the locator server 200.This structure is also realized by various forms, with the use of onlyhardware, only software, or combination thereof. The locator server 200comprises a communication control unit 202, a registration receptionunit 210, a registration unit 212, a response unit 214, a managementunit 220, a query reception unit 230, a search unit 232, an answer unit234, and a memory unit 240 in which a user database 242 is stored.

[0040] The communication control unit 202 controls communication withother devices on the Internet 20. The user database 242 storesinformation related to the client terminal 300 registered in the locatorserver 200. FIG. 7 shows an example of internal data of the userdatabase 242. The user database 242 is provided with a locater ID field400, an IP address field 402, and a registration time field 404. Thelocator ID and the IP address of the client terminal 300 are held in theuser database 242 in a manner that they are associated with each other.The registration time field 404, as described later, is used foradministering the expiration time of the registered IP address.

[0041] The registration reception unit 210 receives the request forregistering the IP address from the client terminal 300. At this time,the registration reception unit 210 acquires the locator ID and theticket of the client terminal 300 as the source of request. Theregistration unit 212 verifies the correctness of the acquired ticket.When the correctness of the ticket is confirmed, the registration unit212 registers the locator ID and the IP address of the client terminal300 as the source of the request in the user database 242 in a mannerthat they are associated with each other. Then, the response unit 214responds success in registration to the client terminal 300. When thecorrectness of the ticket is not confirmed, the response unit 214responds failure in the registration to the client terminal 300.

[0042] The query reception unit 230 receives the request for inquiringabout the IP address from the client terminal 300. At this time, thequery reception unit 230 acquires the locator ID of the client terminal300 as the target of inquiry. The search unit 232 searches through theuser database 242 for the locator ID of the client terminal 300 as thetarget of inquiry, to acquire the IP address presently assigned to theclient terminal 300. At this time, the search unit 232 may judge thatthe IP address of the client terminal 300, which is not updated for apredetermined time period or more since registration, is invalid withreference to the registration time field 404, because there is apossibility that such a client terminal 300 have been alreadydisconnected from the Internet 20. The answer unit 234 replies searchresult by the search unit 232 to the client terminal 300.

[0043] The query reception unit 230 may receive an inquiry whether theclient terminal 300 is being connected to the Internet 20 or not. Inthis case, the search unit 232 searches for whether or not the locatorID of the client terminal 300 is registered in the user database 242.When the locator ID is registered, the answer unit 234 replies that theclient terminal 300 is online. When the locator ID is not registered,the answer unit 234 replies that the client terminal 300 is offline.

[0044] The management unit 220 manages the expiration time of the IPaddress registered in the user database 242. After the client terminal300 registered in the user database 242 is disconnected from theInternet 20 by turning power off and the like, if the information of theclient terminal 300 remains in the user database 242, wrong informationis replied to another client terminal 300. To avoid such a situation,for example, the client terminal 300 may be repeatedly registered in thelocator server 200 at predetermined intervals, while the client terminal300 is connected to the Internet 20. In this case, the management unit220 refers to the registration time field 404 of the user database 242,and deletes the record of the client terminal 300 which has not beenupdated for a predetermined time period or more. The management unit 220may inquire of the client terminal 300 whether the client terminal 300is connected to the Internet 20 and the IP address is unchanged fromregistered one or not, after a lapse of predetermined time from theregistration date.

[0045]FIG. 8 shows the internal structure of the client terminal 300.This structure is also realized by various forms, with the use of onlyhardware, only software, or combination thereof. The client terminal 300comprises a communication control unit 302, an authentication requestunit 310, a ticket acquisition unit 312, a registration request unit314, a query request unit 320, an answer acquisition unit 322, acommunication unit 330, and a device ID hold unit 340.

[0046] The communication control unit 302 controls communication withother devices on the Internet 20. To connect with the Internet 20, thecommunication control unit 302 sends a connection request to theconnection server 30 through the public network 40, and acquires an IPaddress provided by the connection server 30. From then on, thecommunication control unit 302 carries out communication on the Internet20 by use of this IP address. The device ID hold unit 340, beingnonvolatile memory such as ROM and the like which is un-rewritable fromoutside, holds the specific device ID which can uniquely identify eachclient terminal 300. The device ID, written in the device ID hold unit340 during manufacturing the client terminal 300, is administered in atamperproof manner from then on.

[0047] The authentication request unit 310 reads the own device ID fromthe device ID hold unit 340, and sends the device ID to theauthentication server 100 to request the authentication. The ticketacquisition unit 312 acquires the ticket which the authentication server100 issues in authenticating the client terminal 300, and the locator IDissued by the authentication server 100. The registration request unit314 sends the acquired ticket to the locator server 200 to request forregistering the own IP address.

[0048] Before carrying out communication with another client terminal300 on the Internet 20, the query request unit 320 makes a request ofthe locator server 200 to inquire about the IP address of that clientterminal 300. The query request unit 320 may inquire of the locatorserver 200 about the online status of another client terminal 300. Theanswer acquisition unit 322 acquires an answer from the locator server200. The communication unit 330 carries out communication with theclient terminal 300, with the use of the IP address of the clientterminal 300 as the target of communication acquired from the locatorserver 200. Thus, since the client terminals 300 can communicate witheach other on the Internet 20, it is possible to realize, for example,IP telephone, a network game, and the like.

[0049] According to the communication management system 10 of thisembodiment, as described above, even if the IP address of the clientterminal 300 changes, it is possible to communicate with the clientterminal 300 on the Internet 20 by acquiring the IP address of theclient terminal 300 as the target of communication. In a case where themaker of the client terminal 300 manages this communication managementsystem 10, the maker can administer the device IDs of all clientterminals 300, so that it is possible to overall register the IPaddresses of all client terminals 300 and accept the inquiries aboutthem. Therefore, an individual service provider of a game and the likeusing the communication between the terminals does not need to providethe communication management system 10 according to this embodiment, andhence both the user and the service provider have significant advantage.

[0050] It is preferable that the maker of the client terminal 300manages the authentication server 100 from the viewpoint of securing theconfidentiality of the device ID, but the locator server 200 may bemanaged by the service provider. A plurality of service providers mayprovide a plurality of locator servers 200. The authentication server100 requires extremely high security in order to prevent the leakage ofthe device ID. However, as described above, since the device ID is notinformed to the locator server 200, and the locator server 200identifies the client terminal 300 by the locator ID, the locator server200 may be managed at lower security level than the authenticationserver 100. Therefore, it is possible to reduce cost necessary for theinstallation and management of the locator server 200. Providing thelocator server 200, which accepts the query requests from an indefinitenumber of client terminals 300, separately from the authenticationserver 100 makes it possible to improve the security of theauthentication server 100, and to prevent the leakage of the device ID.

[0051] (Second Embodiment)

[0052] A second embodiment will describe a communication managementsystem 10 which can manage a plurality of users with grouping. The wholestructure of the communication management system 10 according to thisembodiment is the same as that of the communication management system 10of the first embodiment shown in FIG. 1. The internal structures of anauthentication server 100 and a client terminal 300 according to thisembodiment are the same as those of the first embodiment shown in FIGS.5 and 8, respectively.

[0053]FIG. 9 shows the internal structure of a locator server 200according to this embodiment. The locator server 200 according to thisembodiment is provided with a group database 244, in addition to thestructure of the locator server 200 according to the first embodimentshown in FIG. 6. The other structure is the same as that of the firstembodiment, and the same reference numbers are used for the samestructure. Difference from the first embodiment will be mainly describedin what follows.

[0054]FIG. 10 shows an example of internal data of the user database 242according to this embodiment. The user database 242 according to thisembodiment is provided with a group ID field 408, in addition to theinternal data of the user database 242 according to the first embodimentshown in FIG. 7. An ID of a group, to which the user belongs, is storedin the group ID field 408. FIG. 11 shows an example of internal data ofthe group database 244. The group database 244 is provided with a groupID field 420, a member's number field 422, and locator ID fields 424.The number of members composing the group is stored in the member'snumber field 422. There are locator ID fields 424 of the same number asthe members, and a locator ID of a client terminal 300 of the membercomposing the group is stored in each locator ID field 424.

[0055] The registration reception unit 210 further acquires theinformation of the group to which the user belongs, in receivingregistration from the client terminal 300. The registration unit 212registers the received information on the user database 242 and thegroup database 244. In a case where the group has not been registered,the registration unit 212 newly registers the group on the groupdatabase 244. The query reception unit 230 receives a request for aninquiry about the group. Taking the case of accepting an inquiry aboutthe IP addresses of members who belong to a group with a group ID“0001,” for example, the search unit 232 searches through the groupdatabase 244 to acquire the locator IDs of the members who belong to thegroup with the group ID “0001.” Then, the search unit 232 searchesthrough the user database 242 to acquire the IP address of each member.The answer unit 234 replies the IP address of each member. According tothe foregoing structure, it is possible to manage the users withgrouping.

[0056] (Third Embodiment)

[0057] A third embodiment will describe a communication managementsystem 10 which can match communication partners between terminals. Thewhole structure of the communication management system 10 according tothis embodiment is the same as the communication management system 10 ofthe first embodiment shown in FIG. 1. The internal structures of anauthentication server 100 and a client terminal 300 according to thisembodiment are the same as those of the first embodiment shown in FIGS.5 and 8, respectively.

[0058]FIG. 12 shows the internal structure of a locator server 200according to this embodiment. The locator server 200 according to thisembodiment is provided with a matching control unit 236, in addition tothe structure of the locator server 200 according to the firstembodiment shown in FIG. 6. The other structure is the same as that ofthe first embodiment, and the same reference numbers are used for thesame structure. Difference from the first embodiment will be mainlydescribed in what follows.

[0059]FIG. 13 shows an example of internal data of a user database 242according to this embodiment. The user database 242 according to thisembodiment is provided with a media ID field 406, a community flag field410, a nickname field 412, and a network mode field 414, in addition tothe internal data of the user database 242 according to the firstembodiment shown in FIG. 7. A specific ID given to a recording mediumconnected to the client terminal 300 is stored in the media ID field406. Taking a case where the client terminal 300 is a game machine, forexample, the media ID suggests a type of a game which a user is playing.Information for distinguishing a type of application which the user isrunning may be stored instead of the media ID.

[0060] Information about whether or not the user requires acommunication partner is stored in the community flag field 410. Whenthe user requires the communication partner, information about the userhimself/herself, a type of desired communication partner and the like isalso stored in the community flag field 410. The information about thetype of the communication partner may include, for example, a type ofcommunication application such as a game, a chat, a telephone, and thelike, the age of the communication partner, and an attribute such as sexand the like. In the case of the game, the information may include thelevel of a player and the like. The community flag field 410 may bearbitrarily used by a service provider. Thus, it is possible toconstruct the system with more flexibility.

[0061] The nickname of the user is stored in the nickname field 412. Thenickname of the user may be accepted from the user, when the clientterminal 300 of the user makes a request to the locator server 200 forregistration. When the client terminal 300 memorizes the locator ID ofthe client terminal 300 of the communication partner, the clientterminal 300 correspondingly memorizes the nickname of the user too, sothat it is possible to manage the information of the communicationpartner with the easier and friendlier nickname.

[0062] In the network mode field 414, the network state of the clientterminal 300, such as information about, for example, whether directcommunication is possible or not and the like is stored. Thisinformation is used in such a case that, for example, when both of twousers who want to play a match against a plurality of players cannotdirectly communicate with each other, another user from outside who candirectly communicate is searched to play the match.

[0063] The user database 242 may be further provided with a field, inwhich information necessary for the matching of the communicationpartner, such as the attribute of the user and the like, is stored.Personal information such as the attribute of the user and the like maybe registered on the locator server 200 in advance, and held in the userdatabase 242.

[0064] In accepting registration from the client terminal 300, theregistration reception unit 210 receives the media ID of the recordingmedium connected to the client terminal 300, a request for matching, andthe like. The authentication request unit 310 of the client terminal 300reads the media ID of the recording medium connected to itself, toprovide it for the registration reception unit 210. The registrationunit 212 stores accepted information in the user database 242. The queryreception unit 230 receives a matching request from the client terminal300. The query reception unit 230 receives requirements such as, forexample, a type of game of which the user wants to play a match, a typeof application for communication, a request for a type of communicationpartner, and the like. The search unit 232 searches through the userdatabase 242 for the client terminal 300 of an appropriate user, on thebasis of the accepted requirements. The matching control unit 236matches up the communication partner based on search result. The answerunit 234 replies the matched communication partner to the clientterminal 300. Therefore, the user can automatically find out the desiredcommunication partner, and carry out communication with him/her.

[0065] The present invention has been described above based on theembodiments. These embodiments are given solely by way of illustration.It will be understood by those skilled in the art that various modifiedexamples may be made of combinations of the foregoing components andprocesses, and all such modified examples are also intended to fallwithin the scope of the present invention which is defined by theappended claims.

What is claimed is:
 1. A communication management system comprising: aterminal of a user; an authentication server which authenticates theterminal; and a management server which manages network address whichuniquely identifies the terminal on a network, the terminal comprising:a holding unit which holds a device ID which is specifically assigned tothe terminal in such a manner as to uniquely identify the terminal; anauthentication request unit which reads the device ID from the holdingunit, and sends the device ID to the authentication server to make arequest for authentication; a certificate acquisition unit whichacquires a certificate, which certifies success in the authentication,from the authentication server; and a registration request unit whichsends the certificate to the management server, to make a request forregistration of the network address, which is assigned to the ownterminal, the authentication server comprising: an authenticationreception unit which acquires the device ID from the terminal andreceives the request for the authentication; an authentication unitwhich authenticates the correctness of the device ID of the terminal;and a certificate issue unit which issues a certificate when succeedingin the authentication of the terminal, the management server comprising:a database which holds an ID which uniquely identifies the terminal, andthe network address in a manner that they are associated with eachother; a registration reception unit which acquires the certificate fromthe terminal, and receives the request for registration of the networkaddress of the terminal; a registration unit which verifies thecorrectness of the certificate, and registers the ID and the networkaddress of the terminal in the database when the certificate isconfirmed to be correct; an inquiry reception unit which receives therequest for inquiring the network address of the terminal; a search unitwhich searches through the database on the basis of the ID of theterminal as the target of an inquiry, to acquire the network address ofthe terminal; and an answer unit which answers search result.
 2. Thecommunication management system according to claim 1, wherein theholding unit holds the device ID in such a manner that the device ID isun-rewritable from outside.
 3. The communication management systemaccording to claim 1, wherein the authentication server furthercomprises an ID issue unit which issues an ID for uniquely identifyingthe terminal when succeeding in authentication of the terminal, whereinthe registration reception unit receives the ID from the terminal, theID being issued by the ID issue unit to the terminal, and theregistration unit registers the ID, issued by the ID issue unit to theterminal, and the network address in the database.
 4. The communicationmanagement system according to claim 1, wherein the management serverfurther comprises a group database which holds information related to agroup including a plurality of the terminals, wherein the inquiryreception unit receives a request for an inquiry about the group, andthe search unit searches through the group database on the basis of therequest for the inquiry.
 5. The communication management systemaccording to claim 1, wherein the management server further comprises amatching control unit which controls matching of a communication partnerbetween the terminals, wherein the inquiry reception unit receives arequirement for the communication partner, and the search unit searchesthrough the database on the basis of the requirement, and the matchingcontrol unit determines the communication partner on the basis of searchresult, and the answer unit answers the communication partner.
 6. Amethod for managing communication comprising: reading a device ID by aterminal of a user, the device ID unique to the terminal being held in amemory in the terminal; sending the device ID from the terminal to anauthentication server for authenticating the terminal; authenticatingthe correctness of the device ID by the authentication server; issuing acertificate for certifying success in authentication by theauthentication server, when succeeding in the authentication; sendingthe certificate from the authentication server to the terminal; sendingthe certificate from the terminal to a management server, the managementserver managing a network address for uniquely identifying the terminalon a network; verifying the certificate by the management server; andstoring an ID for uniquely identifying the terminal and the networkaddress in a database by the management server, in a manner that theyare associated with each other, when the certificate is confirmed to becorrect.
 7. The method according to claim 6, wherein steps from readingthe device ID to storing in the database are automatically carried outwithout involvement by a user.
 8. The method according to claim 6further comprising: receiving a request for an inquiry about the networkaddress of the terminal by the management server; searching through thedatabase on the basis of the ID of the terminal by the managementserver, to acquire the network address of the terminal; and answeringthe network address by the management server.
 9. A terminal devicecomprising: a holding unit which holds a specific device ID, the deviceID being assigned so as to uniquely identify the terminal device itself;an authentication request unit which reads the device ID from theholding unit, and sends the device ID to an authentication server whichauthenticates the terminal, to make a request for authentication; acertificate acquisition unit which acquires a certificate, whichcertifies success in the authentication, from the authentication server;and a registration request unit which sends the certificate to amanagement server which manages a network address for uniquelyidentifying the terminal device on a network, to make a request forregistration of the network address assigned to the own terminal device.10. A method for managing communication comprising: reading a specificdevice ID from a memory, the device ID being assigned so as to uniquelyidentify a terminal; sending the device ID to an authentication serverwhich authenticates the terminal, to make a request for authentication;acquiring a certificate, which certifies success in the authentication,from the authentication server; and sending the certificate to amanagement server which manages a network address for uniquelyidentifying the terminal on a network, in order to make a request forregistration of the network address assigned to the terminal.
 11. Themethod according to claim 10, further comprising, prior to the step ofsending the certificate to make the request for registration: making arequest of a connection server for mediating connection to the networkto connect the terminal to the network; and acquiring the networkaddress assigned by the connection server to the terminal, wherein, inthe step of sending the certificate to make the request forregistration, registration of the network address assigned by theconnection server is required.
 12. A computer program which makes acomputer carry out: a function of reading a specific device ID from amemory, the device ID being assigned so as to uniquely identify aterminal; a function of sending the device ID to an authenticationserver which authenticates the terminal, to make a request forauthentication; a function of acquiring a certificate, which certifiessuccess in the authentication, from the authentication server; and afunction of sending the certificate to a management server which managesa network address for uniquely identifying the terminal on a network, inorder to make a request for registration of the network address assignedto the terminal.
 13. A computer-readable recording medium which stores aprogram to make a computer carry out: a function of reading a specificdevice ID from a memory, the device ID being assigned so as to uniquelyidentify a terminal; a function of sending the device ID to anauthentication server which authenticates the terminal, to make arequest for authentication; a function of acquiring a certificate, whichcertifies success in the authentication, from the authentication server;and a function of sending the certificate to a management server whichmanages a network address for uniquely identifying the terminal on anetwork, in order to make a request for registration of the networkaddress assigned to the terminal.
 14. A management server comprising: adatabase which holds an ID for uniquely identifying a terminal and anetwork address of the terminal in a manner that they are associatedwith each other; a registration reception unit which acquires acertificate from the terminal and receives a request for registration ofthe network address of the terminal, the certificate being issued by anauthentication server which authenticates the terminal to certifysuccess in authentication of the terminal; a registration unit whichverifies the correctness of the certificate, and registers the ID andthe network address of the terminal in the database, when thecertificate is confirmed to be correct; an inquiry reception unit whichreceives a request for an inquiry about the network address of theterminal; a search unit which searches through the database on the basisof the ID of the terminal as the target of the inquiry, to acquire thenetwork address of the terminal; and an answer unit which answers searchresult.
 15. A method for managing communication comprising: acquiring acertificate from a terminal, and receiving a request for registering anetwork address of the terminal, the certificate being issued by anauthentication server which authenticates the terminal to certifysuccess in authentication of the terminal; verifying the correctness ofthe certificate, and registering an ID for uniquely identifying theterminal and the network address of the terminal in a database, when thecertificate is confirmed to be correct; receiving a request for aninquiry about the network address of the terminal; searching through thedatabase on the basis of the ID of the terminal as the target of theinquiry, to acquire the network address of the terminal; and answeringsearch result.
 16. A computer program which makes a computer carry out:a function of acquiring a certificate from a terminal, and receiving arequest for registering a network address of the terminal, thecertificate being issued by an authentication server which authenticatesthe terminal to certify success in authentication of the terminal; afunction of verifying the correctness of the certificate, andregistering an ID for uniquely identifying the terminal and the networkaddress of the terminal in a database, when the certificate is confirmedto be correct; a function of receiving a request for an inquiry aboutthe network address of the terminal; a function of searching through thedatabase on the basis of the ID of the terminal as the target of theinquiry, to acquire the network address of the terminal; and a functionof answering search result.
 17. A computer-readable recording mediumwhich stores a program to make a computer carry out: a function ofacquiring a certificate from a terminal, and receiving a request forregistering a network address of the terminal, the certificate beingissued by an authentication server which authenticates the terminal tocertify success in authentication of the terminal; a function ofverifying the correctness of the certificate, and registering an ID foruniquely identifying the terminal and the network address of theterminal in a database, when the certificate is confirmed to be correct;a function of receiving a request for an inquiry about the networkaddress of the terminal; a function of searching through the database onthe basis of the ID of the terminal as the target of the inquiry, toacquire the network address of the terminal; and a function of answeringsearch result.